DISC InfoSec blog

The UK’s 2010 National Security Strategy identified cyberattacks as one of the four highest-priority risks faced by the UK. President Obama has declared cybersecurity as one of the most serious economic and national security challenges the US faces as a nation.

There is an Advanced Persistent Threat (APT) posed by organised crime and state level entities, targeting large multi-national corporations and foreign governments. Organisations of all sizes can suffer collateral damage. China has been regularly identified in the press as a major player in modern cyberwar activities but, until now, little has been written to describe the depth and severity of this threat.

21st Century Chinese Cyberwarfare, from IT Governance Publishing, is a comprehensive and in-depth review of the Chinese role in cyberwarfare. Drawing on a combination of cultural, historical, business, linguistic and personal experience, the book attempts to explain China to the uninitiated. It describes how the combination of Chinese Communism and the unique cultural and linguistic heritage of the People’s Republic of China are driving Chinese cyber activity.

The author, Lieutenant Colonel (Ret’d) William Hagestad II, is an internationally recognised subject matter expert on the Chinese People’s Liberation Army and Government Information Warfare. He advises international intelligence organisations and multi-national commercial enterprises with regard to their internal IT security governance and external security policies, making him the ideal person to write this book.

21st Century Chinese Cyberwarfare is the first book to gather the salient information regarding the use of cyberwarfare doctrine by the People’s Republic of China, highlighting the increasing threat it imposes to the western world and the fact that Chinese cyberwarfare is a clear and present danger that can no longer be ignored. The book should be read by many, from individuals through to governmental departments, with everyone finding benefit in it.

William Hagestad II adds, “My intent with this book was to introduce my readers to the Chinese culture, history and language through the lens of the People’s Liberation Army (PLA) information security & cyber warfare initiatives as a basis for economic, political and military hegemony by the Chinese Communist Party.”

Alan Calder, CEO of IT Governance comments, “This book provides a fascinating and comprehensive study of the evolution and current nature of the Chinese approach to war ‘by other means’, conducted in what the Chinese see as the fifth sphere of war: cyberspace. ‘Know your enemy’ is a good starting point for any defence strategist and this book is an outstanding contribution to a better understanding of cyber security challenges that should be read by information security professionals the world over.”

21st Century Chinese Cyberwarfare can be purchased in local currency from the ITG website

Related story

NATO Drafting Cyber Warfare International Law Manual

By SEN. KAY BAILEY HUTCHISON, SEN. CHUCK GRASSLEY, SEN. SAXBY CHAMBLISS and SEN. LISA MURKOWSKI @ POLITICO

The Senate is about to consider cybersecurity legislation. Ensuring the integrity and safety of our nation’s critical infrastructure is a bipartisan issue that Congress and President Barack Obama must work together to tackle.

There is a right way and a wrong way to address cybersecurity. The right way is for the government and private sector to work together to solve problems, help the free flow of information between network managers and encourage investment and innovation in cybersecurity. The wrong way is new, heavy-handed, costly regulation and further expansion of government bureaucracy that will slow our nation’s response to cyberthreats and increase vulnerabilities.

First, the government must do a better job of protecting its own systems. These networks contain some of our most sensitive data and control some of our most important facilities. To improve network security, there are two areas in which Congress could legislate immediately.

The first is reforming the Federal Information Security Management Act. This law, crafted to improve the security of government information systems, is a decade old and should be updated with a real-time monitoring system.

The second critical component is leveraging our key federal research institutions — including national laboratories, the National Science Foundation and the Defense Advanced Research Projects Agency — to maintain U.S. global leadership in cybersecurity innovation. By developing leading-edge cybersecurity technologies, the United States can stay one step ahead of cyberthreats, whether from hackers, terrorists or nation-states.

Though improving the security of government systems is a crucial first step, it is not enough. The federal government does not own the overwhelming majority of the infrastructure that could be the target of cyberthreats.

For example, more than 1,800 entities own or operate components of our nation’s electrical grid. To secure critical infrastructure, we should focus on strengthening our existing oversight frameworks instead of creating duplicative regulatory regimes that give additional agencies, such as the Department of Homeland Security, broad new authorities to regulate.

In fighting cyberthreats, forewarned is forearmed. The single most effective way of advancing cybersecurity is sharing cyberthreat information between the government and industry, as well as within the private sector. Yet this collaborative relationship is undermined by our laws and policies — which put the government and private entities at a severe disadvantage in proactively identifying and countering cyberthreats.

The government often collects valuable information about potential threats that can and should be shared with private entities — without compromising national security. Companies should be free from legal barriers and constraints that prevent or deter them from voluntarily sharing cyberthreat information with their peers or with the government.

As a government, we should work with the private sector to help them respond to cyberthreats. Not punish them for being victims of cyberattacks or for working with others to prevent future attacks.

In addition, our nation’s criminal laws must be updated to account for the growing number of cybercrimes. We support legislation to clarify and expand the Computer Fraud and Abuse Act — including increasing existing penalties, defining new offenses and clarifying the scope of current criminal conduct.

These changes will ensure that our criminal laws keep pace with the ever-evolving threats posed by cybercriminals.

This approach should lead to significant strengthening of our nation’s cybersecurity and quickly gain bipartisan support in Congress. Unfortunately, the administration’s proposal would create new, massive and ill-defined regulatory burdens — forcing many private companies that work with digital networks to be regulated by DHS.

Such broad new regulatory powers will, in turn, require a dramatic and costly expansion of the federal bureaucracy and its regulatory reach. This expansion will not help secure America’s networks and will harm both innovation in cybersecurity and our nation’s already suffering economy.

Now is not the time to increase the size and cost of the federal bureaucracy. We need to focus instead on reforming existing federal government entities, streamlining and targeting regulatory efforts, looking for efficiencies and strengthening our nation’s capacity to deal with cyberattacks.

The administration’s proposal is ultimately a costly and heavy-handed regulatory approach. It will not work and it won’t pass Congress. We hope the president will work with us on a more collaborative approach between government and business to effectively address the critical issue of cybersecurity.

2011 will be remembered as the year of the hacker. Large, well know brands were targeted like never before causing a media frenzy and major concern for consumers around the world.
Make your New Years-Resolution to tackle Cybersecurity. Get a head-start. Buy this book and let the master strategists show you how to fight the information war!

Tis the season to be jolly,
Put an eBook in your trolley,
In the warm without a brolly,
Don’t miss out – you could be sorry!”

Assessing Information Security: Strategies, Tactics, Logic and Framework
by Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski.

RRP: $69.99

Price: $49.95
You Save: $20.04

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did. – Bruce Schneier

Realise the benefits of Internet technologies, while ensuring your company is protected from the associated risks.

If you want to make the Internet work for your business, you need to take the right precautions – Buy this book today!

Realize the benefits of Internet technologies, while ensuring your company is protected from the associated risks!

An effective risk management strategy is vital to your company s survival
Internet technologies have revolutionized the way that business is conducted. However, these innovations expose your business to various risks. Inadequate security can lead to the theft of customer data and, in the event of technological failure or a cyberattack, your business could lose its ability to function altogether. An effective risk management strategy is, therefore, vital to your company s survival.

Understand the origins of cyber risks and develop suitable strategies for their management
Cyber Risks for Business Professionals: A Management Guide is a general guide to the origins of cyber risks and to developing suitable strategies for their management. It provides a breakdown of the main risks involved and shows you how to manage them. Covering the relevant legislation on information security and data protection, the author combines his legal expertise with a solid, practical grasp of the latest developments in IT to offer a comprehensive overview of a highly complex subject.

Expert guidance examining the operational and technological risks
Drawing on interviews with experts from Clifford Chance, Capgemini and Morgan Stanley amongst others, the book examines the operational and technological risks alongside the legal and compliance issues. This book will be invaluable to lawyers and accountants, as well as to company directors and business professionals.

Secretary of Defense William S Cohen on the 3 Main Threats Facing the United States, secretary Cohen emphasis cyber threat is the most dangerous out of three. Click the link above to watch his video on three main threats.

Famous quotes from Secretary Cohen:
While we are not and cannot become the world’s policeman, neither can we become a prisoner of world events, isolated and tucked safely away in a continental cocoon.

There is no foolproof security that we can provide. But to say that we can’t protect against everything doesn’t mean that we shouldn’t protect against those that can cause us catastrophic harm.

For while the threat of nuclear holocaust has been significantly reduced, the world remains a very unsettled and dangerous place.

Terrorism is escalating to the point that Americans soon may have to choose between civil liberties and more intrusive means of protection.

We will not win the war on terror through military action. The sharing of information and intelligence will be vital to protecting our country.

The more reliant we become upon computers and information systems, the more vulnerable we become to cyber-terrorists who will conceive unlimited ways to cripple our infrastructure, our power grids, our banking systems, our financial markets, our space based communications systems.

Related books by Secretary of Defense William S Cohen